ByteOS Network

CVE Vulnerability Details :

CVE-2006-10001

PUBLISHED

More Info Official Page

Assigner-VulDB

Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5

Published At-05 Mar, 2023 | 20:31

Updated At-07 Aug, 2024 | 20:57

▼CVE Numbering Authority (CNA)

Subscribe to Comments Plugin subscribe-to-comments.php cross site scripting

A vulnerability, which was classified as problematic, was found in Subscribe to Comments Plugin up to 2.0.7 on WordPress. This affects an unknown part of the file subscribe-to-comments.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.0.8 is able to address this issue. The identifier of the patch is 9683bdf462fcac2f32b33be98f0b96497fbd1bb6. It is recommended to upgrade the affected component. The identifier VDB-222321 was assigned to this vulnerability.

Affected Products

Vendor

n/a

Product

Subscribe to Comments Plugin

Versions

Affected

2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7

Problem Types

Type	CWE ID	Description
CWE	CWE-79	CWE-79 Cross Site Scripting

Type: CWE

CWE ID: CWE-79

Description: CWE-79 Cross Site Scripting

Metrics

Version	Base score	Base severity	Vector
3.1	3.5	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.0	3.5	LOW	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
2.0	4.0	N/A	AV:N/AC:L/Au:S/C:N/I:P/A:N

Version: 3.1

Base score: 3.5

Base severity: LOW

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Version: 3.0

Base score: 3.5

Base severity: LOW

Vector:

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Version: 2.0

Base score: 4.0

Base severity: N/A

Vector:

AV:N/AC:L/Au:S/C:N/I:P/A:N

Credits

tool

VulDB GitHub Commit Analyzer

Timeline

Event	Date
Advisory disclosed	2023-03-04 00:00:00
CVE reserved	2023-03-04 00:00:00
VulDB entry created	2023-03-04 01:00:00
VulDB last update	2023-03-31 12:24:01

Event: Advisory disclosed

Date: 2023-03-04 00:00:00

Event: CVE reserved

Date: 2023-03-04 00:00:00

Event: VulDB entry created

Date: 2023-03-04 01:00:00

Event: VulDB last update

Date: 2023-03-31 12:24:01

References

Hyperlink	Resource
https://vuldb.com/?id.222321	vdb-entry technical-description
https://vuldb.com/?ctiid.222321	signature permissions-required
https://github.com/wp-plugins/subscribe-to-comments/commit/9683bdf462fcac2f32b33be98f0b96497fbd1bb6	patch
https://github.com/wp-plugins/subscribe-to-comments/releases/tag/2.0.8	patch

Hyperlink: https://vuldb.com/?id.222321

Resource:

vdb-entry

technical-description

Hyperlink: https://vuldb.com/?ctiid.222321

Resource:

signature

permissions-required

Hyperlink: https://github.com/wp-plugins/subscribe-to-comments/commit/9683bdf462fcac2f32b33be98f0b96497fbd1bb6

Resource:

patch

Hyperlink: https://github.com/wp-plugins/subscribe-to-comments/releases/tag/2.0.8

Resource:

patch

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://vuldb.com/?id.222321	vdb-entry technical-description x_transferred
https://vuldb.com/?ctiid.222321	signature permissions-required x_transferred
https://github.com/wp-plugins/subscribe-to-comments/commit/9683bdf462fcac2f32b33be98f0b96497fbd1bb6	patch x_transferred
https://github.com/wp-plugins/subscribe-to-comments/releases/tag/2.0.8	patch x_transferred

Hyperlink: https://vuldb.com/?id.222321

Resource:

vdb-entry

technical-description

x_transferred

Hyperlink: https://vuldb.com/?ctiid.222321

Resource:

signature

permissions-required

x_transferred

Hyperlink: https://github.com/wp-plugins/subscribe-to-comments/commit/9683bdf462fcac2f32b33be98f0b96497fbd1bb6

Resource:

patch

x_transferred

Hyperlink: https://github.com/wp-plugins/subscribe-to-comments/releases/tag/2.0.8

Resource:

patch

x_transferred

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References